1) Off-site backup of servers is a fundamental requirement. Cloud-based backup to remote data centres is well-established and provides fully-automated and intelligent protection that eliminates human error and all the other problems associated with tape-based backup.
2) Backup is relatively easy – restore is the key issue. Ensure the service includes regular testing of the full server restore process so that reliability and timescales are fully understood. Ensure the service is also effective at bare-metal restores and is backed by high-quality, in-depth engineering support.
3) Choose a solution based on proven and widely-used backup and restore software, with the necessary high-level encryption and security and the necessary level of support from both the service provider and the software developers.
4) Know exactly where the off-site backups will be stored. This inevitably means private rather than public cloud. Inspect the location to ensure it is a high-security Tier 3 (or in certain cases, Tier 4) data centre with suitably high-capacity bandwidth availability.
5) Ensure the backup maintains multiple data revisions, to allow restore of earlier versions, for example in the case of a virus attack
6) Consider a combination of server imaging and granular-level backup. Imaging is faster for full server restores, while granular-level backup enables recovery of small quantities of lost or corrupted data from the remote data vault – even individual files or e-mails.
7) Decide what data, if any, needs the added security of replicating the backup to a second secure data centre in a geographically separate location.
8) Define your Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to help determine what solution, at what price, is suited to your circumstances. RTO helps balance the cost of a particular disaster recovery solution against the acceptable systems outage time. RPO refers to potential data loss and determines the required frequency of the scheduled backups.
9) Assess the cost of backup and disaster recovery arrangements against the probability of any particular risk crystallising. The probability of data loss or corruption, or of hardware failure, is relatively high, so it is worth paying for a quality cloud-based solution.
10) Many solutions protect only the data and the servers. Arrangements should also be in place to cover loss of the rest of the network and the workplace. However this risk is relatively low probability, so unless the impact is very significant, a low cost solution should be sought.
Ian Cockburn FCA is managing director of RescueIT